+# DOC: https://stribika.github.io/2015/01/04/secure-secure-shell.html
+AcceptEnv LANG LC_*
+AuthorizedKeysFile %h/.ssh/authorized_keys
+ChallengeResponseAuthentication no
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ClientAliveInterval 0
+Compression yes
+DebianBanner no
+GSSAPIAuthentication no
+#HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostbasedAuthentication no
+IgnoreRhosts yes
+IgnoreUserKnownHosts no
+KerberosAuthentication no
+#KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+KeyRegenerationInterval 3600
+ListenAddress 0.0.0.0:22
+LogLevel INFO
+LoginGraceTime 120
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
+MaxAuthTries 5
+PasswordAuthentication no
+PermitEmptyPasswords no
+PermitRootLogin yes
+PrintLastLog yes
+PrintMotd no
+Protocol 2
+PubkeyAuthentication yes
+RSAAuthentication yes
+RhostsRSAAuthentication no
+ServerKeyBits 768
+StrictModes yes
+SyslogFacility AUTH
+TCPKeepAlive yes
+UsePAM yes
+UsePrivilegeSeparation yes
+X11DisplayOffset 10
+X11Forwarding no
+
+Subsystem sftp internal-sftp
+Match Group sftp
+ AllowTCPForwarding no
+ ChrootDirectory %h
+ ForceCommand internal-sftp
+ X11Forwarding no
+
+# vim: ft=sshdconfig